¶ General Setup
Setup => General
Enter the setup of the Authorization Box environment like Customer settings, Contracts, Database connections and Authorization Box users.
A video on how to use the Backup export and import options can be found on our YouTube channel.
¶ Customer Settings
Use the ‘Edit’ button (left top corner) to change the Customer Settings.
.png)
Contact name : Name of the company's contact.
Contact Email Address : Email Address of the company's contact.
Contact Phone Number : Phone Number of the company's contact.
Company required in Authorization Requests : When set to “Yes”, the system will check on Company in the Authorization Request.
Authentication Method : Choose which login method has to be used ("Basic" [with a username and password specific for the Authorization Box] or “Microsoft” [with your Microsoft account]).
Multi-Factor Authentication : Choose if this has to be enabled (using Mail code) or disabled. Usually this is not enabled when Authentication with Microsoft has been chosen.
¶ Fasttab Contracts
Shows the contract(s) with 2-Controlware. The number following “Contracts” shows the number of active contracts.
.png)
Application Name : The application a contract has been agreed upon.
Start date : The starting date of the application contract.
End date : The date the application contract will end.
Extension Date : The date the application contract will have to be extended.
Contract terminated : The date the application contract is (going to be) terminated.
Characteristic : Any additional information regarding the application contract.
¶ Fasttab Databases
Shows the number of database connections that are allowed to be set up with the Authorization Box as per contract and how many have already been assigned.
.png)
How to create a (new) database.
If the number of database connections exceeds 10, pagination is used for a better overview of the connections.
¶ Overwrite current permissions in Business Central with those of the Authorization Box
All current permissions in Business Central can be overwritten with the ones in the Authorization Box.
Activating this option, means that only the permissions assigned to a user with an Organization role in the Authorization Box, will be valid for the Authorization Box activated users.
Any permissions assigned directly in Business Central will be removed in Business Central, if they are not present in an organization role assigned to that user.
Open a Database(connection) and check the box "Default overwrite Current Permissions"
When saving, a prompt appears if this has to be executed for all users.
When completed, use “Synchronize all” in this connection (in the drop down menu of the button 'Database').
¶ Fasttab Users
Shows the number of Users that will be allowed to log on into the Authorization Box as per contract and how many have already been assigned.
In the below screenshot, the contract allows 14 Authorization Box users and 9 have already been assigned.
Changing the settings of the current User.
Adding users to the Authorization Box.
¶
Adding users to the Authorization Box
There is a video on our YouTube channel on how to set up User access.
Add a number of users that will be allowed to log into the Authorization Box as per contract.
Go to Setup => General and click on the fasttab “Users”.
Click on ‘New’ to set up a new user.
Enter the user’s Email address.
'Save & Close' : Saves the user and expands the page for more details.
'Cancel' : Cancels adding a user and closes the page.
After saving, enter the user details:
- Name : Enter the user's Name.
- Phone Number : (optional) Enter the User's Phone Number.
- Function Profile : Select the User Profile. (mandatory to grant access to functionality of the Authorization Box)
The Function Profile ‘Application Manager’ has no restrictions on rights.
By choosing the correct Function Profile, a person will be granted specific rights in the Authorization Box.
The most common Profiles used are :
- The Application Manager (has no restriction on rights)
- The Controller
- The Framework Manager
- The Support Employee
- The Support Employee Light (mostly View rights)
- The API User (when access to the API is required)
When a Function Profile has been assigned to an Authorization Box user, the fasttab ‘Roles’ on the usercard will show a check mark for the assigned permissions.
To grant the User access to the available connection(s), click on ‘Select’ in the fasttab ‘Databases’ on the usercard and choose the appropriate ones.
A checkmark will show the selected connections. To deselect access to a connection, click on the check marked selection to remove it.
It is possible to grant the user access to all at once by clicking on 'Select All' or to deny access to already assigned connections by clicking on 'Deselect All'.
‘Save’ : Saves assigning / changing access to connections for that user.
'Cancel' : Cancels assigning / changing access to connections for that user.
When a user has been added, the user will receive an email with a temporary password to log in. After first log in, the password has to be changed.
¶ Roles based on Function Profile
An Authorization Box User has to have a Function Profile to have access to the functionality of the Authorization Box.
A Function Profile has certain roles/permissions assigned.
These have a checkmark in the fasttab "Roles".
.png)
¶ Lock or Unlock User
When a user tried to log in several times with a wrong password, this user will be locked out.
In the user overview it is possible to Unlock (or lock) the user.
Press on the ‘lock icon’ to lock or unlock the user.
Press on the 'reset icon' to reset the password. The user will receive an email with the new, temporary, password.
.png)
¶ Multifactor Authentication
Multi Factor Authentication (MFA) requires users to successfully complete two steps to access the Authorization Box.
It involves entering the username and password, including a confirmation code sent by email.
This provides additional control during the login process. When using MFA the user also needs access to that user's mail to be able to log in.
¶ Set up MFA
Go to Setup => General => Edit.
At the bottom of the customer card, choose the required ‘Authentication Method’ and ‘Multi-Factor Authentication’.
.png)
The ‘Authentication Method’ has the following options:
- Basic : Log in with your credentials for Authorization Box.
- Microsoft : Log in with your Microsoft Office credentials.
The ‘Multi-Factor Authentication’ has the following options:
- Disabled : Multi Factor Authentication is not enabled.
- Mail Code : The user receives a verification code by mail as a second factor for the login attempt.
However, if Multi Factor Authentication is already set for your Microsoft account, that setting still applies.
In these cases, the MFA in the Authorization Box is usually not enabled.
The Basic c/w disabled setting or Microsoft c/w disabled setting ensures that Multi Factor Authentication is not enabled.
To activate / deactivate the MFA for the Authorization Box, per user, switch the button to ‘on’ or ‘off’.
.png)
For Mail Code, the following options apply:
¶ Basic & Mail Code
Enter the login details for the Authorization Box and click on ‘Login’.
An email with a confirmation code will be sent. This code will be valid only once.
With every attempt to log in, a new mail with a confirmation code will be sent.
In the input field as shown below, enter the code from the email.
Click on 'Save' and proceed to log in to the Authorization Box.
¶ Microsoft & Mail Code
On the login screen, click on the green button with 'Login with Microsoft'.
The Microsoft Office login screen will appear, to enter Microsoft email and password.
An email with a confirmation code will be sent. This code will be valid only once.
With every attempt to log in, a new mail with a confirmation code will be sent.
In the input field as shown below, enter the code from the email.
Click on 'Save' and proceed logging in to the Authorization Box.
!Note : After 30 minutes of inactivity, log out will be executed automatically.
¶ Setting up Approval settings (has to be set up per database connection)
How to set up the Approval settings, assign users as an Approver and how to create Approval Groups.
A video can be found on our YouTube channel with an introduction on how to set up Approval settings.
¶ Approval settings
Go to Setup => Approval settings to set up the number of Approvers.
- Number of approvers for company groups :
The number of approvers required for a new or changed Company Group.
If the number is set to 0, no approval is required and a change is processed without approval.
A new Company in a Company Group can result in permissions for users with the same assigned Organization Roles in the other companies in that Group! - Number of approvers for permission set groups :
The number of approvers required for a new or changed Permission Set Group.
If the number is set to 0, no approval is required and a change is processed without approval.
A new Permission Set in the Permission Set Group can result in extra permissions for users with the same assigned Organization Roles in this linked Permission Set Group! - Number of approvers for organization roles:
The number of approvers required for a new or changed Organization Role.
If the number is set to 0, no approval is required and a change is processed without approval.
Should the Organization Role be assigned to an Approval Group, the number of approvers will change according the assigned group. - Default number of approvers for Authorization Requests :
The number of approvers that are required for new Authorization Requests.
If the number is set to 0, no approval is required and a new permission assigned to a User will be processed without an approval.
'Save & Close' : Saves the assigned number of approvers per category and closes the page.
‘Cancel’ : Cancels the changes made in the number of approvers per category and changes the settings to the previous settings.
¶ Approvers
Setup => Approvers shows an overview of approvers and the assigned Approval Type
To create a new Approver, click on 'New'.
- Approver : Select the Authorization Box user to assign that user as an Approver. Several users can be selected. A check mark will appear at their name(s).
- Approval Type : Select the Approval Type. Several types can be selected at once. A check mark will appear at the chosen approval type(s).
Depending on the Approval settings, changes in the framework must be approved.
After approval, the Authorization Box will process the change.
'Save & Close' : Saves the assignment(s) and closes the page.
'Cancel' : Cancels the assignment(s) and closes the page.
¶ Approval types
The following types of approval are available :
- Assign authorizations : Approve Authorization Requests.
- Revoke authorizations : Revoke any assigned / sent Authorization Requests.
- Create / Change Organization Role : To approve the creation or modification of an Organization Role like the addition of a Permission Set.
After approval of the creation / change, the request will be processed.
In case of a change, all the users with the already assigned Organization Role, will automatically be synchronized to process the changes for those users. - Create / Change Permission Set Group : To approve the creation or modification of a Permission Set Group.
After approval of the creation / change, the request will be processed.
In case of a change, all the users with the already assigned Permission Set Group, will automatically be synchronized to process the changes for those users. - Create / Change Company Group : To approve the creation of, or the change of a Company Group.
After approval of the creation / change, the request will be processed.
In case of a change, all the users with the already assigned Company Group, will automatically be synchronized to process the changes for those users.
¶ Approval Groups
Approval Groups are a group of one or more Approvers that can be assigned to one or more Organization Roles.
When an Approval Group is assigned to an Organization Role, this will overrule the general Approval Settings for that specific role.
For instance: the number of approvers required for approval on an Authorization Request is generally 1, but an Approval Group is set to 2.
When an organization role gets this Approval Group assigned, the number of approvals will be derived of the Approval Group (2) instead of the general settings (1).
¶ Set up an Approval Group
Go to Setup => Approval Groups.
To create a new Approval Group click on 'New'.
- Approval Group : The name of the Approval Group.
- Required approvers : The number of approvers required for new Authorization Requests. This number overrules the number of the general settings and has to be 1 or higher.
‘Save & Edit’ : Saves the Approval Group and expands the page for additional details to be filled in.
'Cancel' : Cancels the addition of the Approval Group and closes the page.
When the Approval Group is saved, Approvers can be added to the Group as well as the Organization Roles to be assigned Group.
¶ Adding Users to an Approval Group
When an Approval Group has been made, one or more Approvers can be added to that Group by moving them from the left to the right column in the fasttab “Users”.
This can be done by double clicking on a user or by selecting a user and clicking on one of the arrow buttons pointing to the right.
To finish selecting the user(s) for that Group, click on ‘Save’ in that fasttab.
¶ Adding Organization Roles to an Approval Group
When an Approval Group has been made, one or more Organization Roles can be added to that Group by moving them from the left to the right column in the fasttab "Organization Roles".
This can be done by double clicking on a role or by selecting a role and clicking on one of the arrow buttons pointing to the right.
To finish selecting the role(s) for that Group, click on 'Save' in that fasttab.
When an Approval Group has been assigned to an Organization Role, the “Number of approvers authorization request” for that Organization Role will be set to “Conform Approval Group” instead of “According to General Setup (Default)” or a set number of approvers.
¶ Setting up Notifications (has to be set up per database connection)
To manage and change the notification settings of the Authorization Box.
Click in the upper right corner on the name of the account and select “Notification Settings”.
An overview of all notification settings is prompted.
All notification settings are categorized.
The following categories are defined:
- User Management,
- Authorization Framework,
- Monitoring,
- Synchronization,
- Database.
Choose “Yes” or “No” with the dropdown to receive notifications in the Authorization Box and / or to receive a notification email.
'Save & Close' : Saves the preferences and closes the page.
'Cancel' : Cancels the (changed) settings and closes the page.
¶ API
At this moment, 2-Controlware has a Web API and an Authorization Request API to access our data.
The links to access these :
Web API : https://api.2-controlware.com
Authorization Request API : https://api.2-controlware.com/authorizationrequest/
The links to the Swagger documentation :
Swagger Web API : https://api.2-controlware.com/swagger/index.html
Swagger Authorization Request API : https://api.2-controlware.com/authorizationrequest/swagger/index.html
Log on to the API with a Username and Password or with a Personal access token.
This user has to be granted a specific Function Profile (API User) to be able to access the API.
When using a Username and Password, go to the Swagger Web API page and use the “POST /api/v{version}/Authenticate/Login.
How to get a Personal access token is described below.
¶ Authorization on Swagger
To get access to our API with a Bearer token, log into the Authorization Box and click on the user name in the top right corner.
Select “Personal access token”.
In the following screen click on 'New'.
Fill in the user name and select if this token has to be valid for a period of time or if it doesn't expire.
Click on 'Save'.
A pop-up appears with the Personal access token.
Copy it by clicking on the ‘Copy’ icon and click 'Close'.
In the Swagger Web API page scroll down to “Authenticate” and choose the “POST /api/v{version}/Authenticate/AccessToken”.
.png)
Click on 'Try it out'.
Replace “string” with the user name (keep the quotation marks)
and replace the number after “token” with the token you just retrieved from the Authorization Box (keep the quotation marks).
.png)
Click on 'Execute'.
A Server response with Code 200 shows the Bearer token.
Copy this whole token shown in green.
In our sample picture below, the code is hidden but you need what is between the quotation marks.
The response also shows on the bottom, when this token will expire
Click on 'Authorize' on the top of the page.
As per description in the pop up, start the Value with “Bearer” and paste the code which was just generated.
Click on 'Authorize'.
The value will have been changed into ****** .
Choose ‘Logout’ to leave access to our API or ‘Close’ to start using Swagger.
The green “Authorize lock” shows it is locked when ‘Close’ was chosen.
¶ Example of use with Swagger documentation
Use the Swagger documentation to get the number of Organization Roles right from the API by using the “GET /odata/OrgRolesPerUser/$count”.
Click this option open, click on 'Try it out'
The possible response codes are also shown, some with an example response.
Fill in the Parameters, if required for this request, and click on ‘Execute’.
A Server Response should show the result.
Other possible responses are Code 401 (Unauthorized) or Code 403 (Forbidden). In those cases something is wrong with the token or the rights of the user.